Job Description

As industry moves toward more sophisticated AI development practices to accelerate the software development lifecycle, a new set of security challenges takes shape. When specialized agents autonomously handle design, architecture, and implementation decisions, they may introduce vulnerabilities, like subtle flaws in logic, overlooked threat surfaces, or security anti-patterns propagated at scale across the codebase. At the same time, the question of how to effectively integrate security practices into an agent-driven lifecycle remains open.

Objectives

This internship explores both dimensions: mapping the threats that emerge when agents contribute to building software and identifying how security can be addressed meaningfully within this new paradigm. It will be applied on the ELCAi method, an ELCA approach to agentic software development.

The following activities are foreseen:

• Literature review & context analysis: Survey existing research on secure software development lifecycles and AI-assisted development to establish what is known and where the gaps lie.

• Threat modeling: Identify and classify threats specific to agent-driven development: vulnerable code generation, flawed architectural decisions, prompt manipulation, and cascading flaws across agent handoffs.

• Security integration mapping: Analyze how traditional security practices can be adapted to remain effective when agents are involved, and identify where human oversight remains critical.

• Experimentation & validation: Test identified threats and validate proposed mitigations through concrete scenarios, producing proof-of-concept implementations in a controlled environment.

• Final presentation & knowledge transfer: Deliver a report and internal presentation consolidating findings, threat taxonomy, and actionable recommendations.

Our offer

• A dynamic work and collaborative environment with a highly motivated multi-cultural and international sites team

• The chance to work on one of the most strategic and fast-moving topics in the industry today.

• Monthly After-Works organized per location

• Good work-life balance (2 days per week from home)

Skills required

• Strong cybersecurity knowledge (authentication, access control and authorization, threat modelling, security by design, etc.)

• General understanding of how AI systems work, ideally with some exposure to large language models and agent-based architectures

• Some proficiency in writing and reading code, especially with respect to security practices

We are ELCA, one of the largest Swiss IT tribe with over 2,300 experts. We are multicultural with offices in Switzerland, Spain, France, Vietnam and Mauritius. Since 1968, our team of engineers, business analysts, software architects, designers and consultants provide tailor-made and standardized solutions to support the digital transformation of major public administrations and private companies in Switzerland. Our activity spans across multiples fields of leading-edge technologies such as AI, Machine & Deep learning, BI/BD, RPA, Blockchain, IoT and CyberSecurity.